Date: Wed, 2 Apr 2003 17:36:25 +0400 From: Yar Tikhiy <yar@freebsd.org> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: security@freebsd.org Subject: Re: LOG_AUTHPRIV and the default syslog.conf Message-ID: <20030402133625.GA81907@comp.chem.msu.su> In-Reply-To: <20030402070244.A8569@sheol.localdomain> References: <20030401161142.GA19845@comp.chem.msu.su> <5.2.0.9.0.20030402074159.0741a088@192.168.0.12> <20030402070244.A8569@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 02, 2003 at 07:02:44AM -0600, D J Hawkey Jr wrote: > > FWIW, long ago, I set one of mine up as: > > *.err;authpriv.none /dev/console > *.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none /var/log/messages > security.*;local0.*;authpriv.* /var/log/security > > I must have been thinking the same thing Yar does WRT authpriv and > /var/log/messages. > > Note that I also added local0, for ipmon(8); is it too late to > consider this hack as well as Yar's? Today's style is to send messages from packet filters to /var/log/security, and from authenticating functions to /var/log/auth.log. Additionally I think it would be poor style to use local0 in the default syslog.conf since local* should be left for site-specific purposes. Therefore I'd suggest changing src/sbin/ipmon/Makefile so that it will add ``-DLOGFAC=LOG_SECURITY'' to CFLAGS, and syncing ipmon.8; so ipmon(8) would behave consistently with the rest of the system. -- Yar
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030402133625.GA81907>